NeerajS
Beginner

IR829 How to configure NAT

Hello All,

We have an IR829GW router. I need to use it as a typical old school NAT router such that whatever devices are behind it use a NAT IP for the traffic that's going outbound (for instance, Internet access). I have looked in the config guide and couldn't find any instructions regarding this. Secondly, this device has a hypervisor-style architecture. Can someone educate me on what the purpose of creating a VM on such devices is? What would be the use case?

My internal devices are connected to an L2 switch which in turn will have an uplink from one of the interfaces of this IR829. My requirement is that all internet-bound traffic originating from these internal devices should be Dynamic NAT'd or PAT'd based on whatever NAT IP I assign.

Thanks


1 ACCEPTED SOLUTION

Hello,

 

the below should do it (important parts marked in bold). The IP address assigned to the VLAN 1 interface is arbitrary, if yours is different, you need to change the access list 1 to match the IP address space you are using.

 

version 15.6
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service internal
!
hostname 829
!
boot-start-marker
boot system flash:/ir800-universalk9-mz.SPA.156-3.M0a
boot-end-marker
!
no aaa new-model
ethernet lmi ce
service-module wlan-ap 0 bootimage autonomous
!
ignition off-timer 900
!
ignition undervoltage threshold 9
!
no ignition enable
!
no ip domain lookup
ip inspect WAAS flush-timeout 10
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
chat-script lte "" "AT!CALL" TIMEOUT 20 "OK"
!
license udi pid IR829-2LTE-EA-BK9 sn FGL2032219N
!
redundancy
notification-timer 120000
!
controller Cellular 0
lte sim data-profile 3 attach-profile 1
lte modem link-recovery rssi onset-threshold -110
lte modem link-recovery monitor-timer 20
lte modem link-recovery wait-timer 10
lte modem link-recovery debounce-count 6

interface GigabitEthernet0
no ip address
shutdown
!
interface GigabitEthernet1
no ip address
!
interface GigabitEthernet2
no ip address
!
interface GigabitEthernet3
no ip address
!
interface GigabitEthernet4
no ip address
!
interface Wlan-GigabitEthernet0
no ip address
!
interface GigabitEthernet5
description Uplink to WAN Router
ip address dhcp
ip nat outside
duplex auto
speed auto
!
interface Cellular0
no ip address
encapsulation slip
dialer in-band
dialer string lte
!
interface Cellular1
no ip address
encapsulation slip
!
interface wlan-ap0
no ip address
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip nat inside
!
interface Async0
no ip address
encapsulation scada
!
interface Async1
no ip address
encapsulation scada
!
ip forward-protocol nd
!
ip http server
ip http secure-server
!
ip nat inside source list 1 interface GigabitEthernet5 overload
!
ip route 0.0.0.0 0.0.0.0 GigabitEthernet5
!
dialer-list 1 protocol ip permit
!
ipv6 ioam timestamp
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
control-plane
!
line con 0
stopbits 1
line 1 2
stopbits 1
line 3
script dialer lte
no exec
transport preferred lat pad telnet rlogin lapb-ta mop udptn v120 ssh
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
rxspeed 150000000
txspeed 50000000

!
no scheduler max-task-time


11 REPLIES
Georg Pauwen
VIP Expert

Hello,

 

are you using the IR829 as a cellular Internet router, and are you using the integrated wireless AP as well? Post the config you currently have...

Hello Georg, This is a new device out of the box. Please find attached run config file. I am currently not using it as IR Router or AP. For now we just want to give devices behind it access to the internet using PAT. I will be connecting the Internet uplink connection to its WAN interface port. The internal devices that I am referring to are connected to an L2 switch and this switch is in turn connected to the GE1 (LAN) interface. One dumb question if I may: I need to enable http web UI on this. Do I just run a "ip http-server" from the enable mode?

Thanks in advance

Georg, Thank you very much. I will try it out on Monday and let you know.  Really appreciate your help

Mr. Pauwen - 

 

I am having similar issues with my deployment. In my case I am using the router as a cellular internet router. I have attached my config below. The current config will show the local ports administratively shut down. I understand that I will need to enable one and/or two and perhaps install a non-addressable switch behind it once I set up DHCP as well. My issue is the NAT and/or PAT. This router wants to see two (2) WAN networks. (1) Hardwire to GE0 and the redundant path to either Cellular 0 or 1. How do we bypass the GE0 and go straight to cellular0? This router will always be a cellular router and nothing else. The radio for the cellular 0 is configured and working (ping test to Google DNS); just not able to pass traffic from the LAN portion of the router.

 

Can you help? 

 

Thank you

Giovanni

 

 

 

Hello,

 

I have made some changes and additions to your configuration (marked in bold), see if you can get it to work:

 

Current configuration : 2889 bytes
!
! Last configuration change at 08:27:30 UTC Fri Jan 8 2021
!
version 15.8
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname IR800
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$vUyn$kmxzxQwKxH41tU0vuUAbT1
enable password 7 08004E4B05150A46405B5D536B
!
no aaa new-model
service-module wlan-ap 0 bootimage autonomous
!
ignition off-timer 900
!
ip cef
ipv6 unicast-routing
ipv6 cef
!
multilink bundle-name authenticated
!
chat-script lte "" "AT!CALL" TIMEOUT 20 "OK"
!
license udi pid IR829B-LTE-EA-BK9 sn FTX2423Z049
!
--> ip dhcp excluded-address 192.168.1.1
!
--> ip dhcp pool LAN
--> network 192.168.1.0 255.255.255.0
--> default-router 192.168.1.1
--> dns-server 8.8.8.8 8.8.4.4
!
redundancy
!
controller Cellular 0
lte sim fast-switchover enable
lte failovertimer 5
no lte gps enable
description VERIZON
!
interface GigabitEthernet0
no ip address
no mop enabled
!
interface GigabitEthernet1
no ip address
shutdown
!
interface GigabitEthernet2
no ip address
shutdown
!
interface GigabitEthernet3
no ip address
shutdown
!
interface GigabitEthernet4
no ip address
shutdown
!
interface Wlan-GigabitEthernet0
no ip address
!
interface GigabitEthernet5
no ip address
shutdown
duplex auto
speed auto
!
interface Cellular0
ip address negotiated
--> ip nat outside
ip virtual-reassembly in
encapsulation slip
dialer in-band
dialer idle-timeout 0
dialer string lte
dialer-group 1
--> no peer default ip address
--> async mode interactive
--> routing dynamic
ipv6 address autoconfig
!
interface Cellular1
no ip address
encapsulation slip
!
interface wlan-ap0
no ip address
shutdown
!
interface Vlan1
--> ip address 192.168.1.1 255.255.255.0
--> ip nat inside
!
interface Async0
no ip address
encapsulation scada
!
interface Async1
no ip address
encapsulation scada
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 Cellular0
!
--> ip nat inside source list 1 interface Cellular0 overload
!
--> access-list 1 permit 192.168.1.0 0.0.0.255
!
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipv6 permit
ipv6 ioam timestamp
!
control-plane
!
line con 0
stopbits 1
line 1 2
stopbits 1
line 3
script dialer lte
no exec
transport preferred lat pad telnet rlogin lapb-ta mop udptn v120 ssh
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
rxspeed 150000000
txspeed 50000000
line 4
no activation-character
no exec
transport preferred none
transport input all
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
line 8
no exec
transport preferred lat pad telnet rlogin lapb-ta mop udptn v120 ssh
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
rxspeed 150000000
txspeed 50000000
line 1/3 1/6
transport preferred none
transport output none
stopbits 1
line vty 0 4
password 7 0028401229085A084E
login
transport input none
!
no scheduler max-task-time
no iox hdm-enable
iox client enable interface GigabitEthernet5
iox hypervisor password 7 153E581829797A2A69
no iox recovery-enable
!
end

Thank you sir. East coast here. Laying down for a nap here shortly. I’ll make the changes you’ve suggested. Can’t thank you enough. I’ll be in touch.

Giovanni

Mr. Pauwen - Thank you for your help. Regrettably the router goes nuts with the changes. Not sure if it's something within the cellular controller or perhaps the redundancy built in to this router making it bounce back and forth. Perhaps I should explain. When plugging a laptop into Gigabit Eth 1 (member of Vlan1) the laptop receives an IP address on the proper subnet, great, intended - however the router starts taking down the cellular connection and building it back up, and continues to do this several times per minute without stopping. When pinging from the laptop to the router, at first I get a reply from the vlan1 subnet with the correct IP address provided, then it changes to the IP address provided by Verizon, normally a 100.x.x.x/8 (and every time it builds the connection it provides a different address), non-routable from the outside - which is expected. I haven't paid the $500 for the public routable IP address on the VZW network. I'm getting into the weeds! I've loaded my config below with your recommendations - additionally I've added the Cellular 0 interface going up and down. From provisioning other webUI 4G LTE routers, this one, which is non-webUI, is considerably different. The WAN should stay just the WAN and any and all traffic headed to the internet should traverse through this interface Cellular 0. It appears when pinging vlan 1 that NAT is working and translating LAN to the WAN address; this would be called a passthrough. How do we stop it? I've done a significant amount of Cisco switch work - however I'm far from an expert by any means. This router is kicking my butt.

 

Thank you for your assistance. 

 

Giovanni

 

 

      

 

     

Hello,

 

there is a very important mistake in your configuration:

 

interface Vlan1
ip address 192.168.1.1 255.255.255.0
--> ip nat outside
ip virtual-reassembly in

 

This needs to be:

 

interface Vlan1
ip address 192.168.1.1 255.255.255.0
--> ip nat inside
ip virtual-reassembly in

 

Also, configure the switchports as:

 

interface GigabitEthernet0
--> switchport mode access
!
interface GigabitEthernet1
--> switchport mode access
!
interface GigabitEthernet2
--> switchport mode access
!
interface GigabitEthernet3
--> switchport mode access
!
interface GigabitEthernet4
--> switchport mode access
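
An added example, not part of the thread and not Cisco tooling: a short Python check for the PAT setup discussed above. It flags a PAT interface that lacks `ip nat outside`, the absence of any addressed `ip nat inside` interface (the Vlan1 mistake corrected in this reply), and an access list that does not cover the inside subnet. The name `check_pat` and the sample text are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the PAT-relevant lines of the thread's cellular config,
# with Vlan1 wrongly marked "ip nat outside" as in the config being debugged.
SAMPLE = """\
interface Cellular0
 ip address negotiated
 ip nat outside
interface Vlan1
 ip address 192.168.1.1 255.255.255.0
 ip nat outside
ip nat inside source list 1 interface Cellular0 overload
access-list 1 permit 192.168.1.0 0.0.0.255
"""

def check_pat(config):
    """Return findings for an 'ip nat inside source list N interface X overload' setup."""
    role, subnet, acls, rules, cur = {}, {}, {}, [], None
    for raw in config.splitlines():
        line = raw.strip().lstrip("->").strip()   # tolerate the thread's "-->" markers
        if m := re.match(r"interface (\S+)", line):
            cur = m.group(1)
        elif m := re.match(r"ip nat (inside|outside)$", line):
            role[cur] = m.group(1)
        elif m := re.match(r"ip address (\d\S+) (\d\S+)", line):
            subnet[cur] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network
        elif m := re.match(r"ip nat inside source list (\d+) interface (\S+) overload", line):
            rules.append((m.group(1), m.group(2)))
        elif m := re.match(r"access-list (\d+) permit (\d\S+)(?: (\d\S+))?$", line):
            # A missing wildcard means 0.0.0.0, i.e. one host. Contiguous wildcards assumed.
            wild = int(ipaddress.IPv4Address(m.group(3) or "0.0.0.0"))
            net = ipaddress.ip_network((m.group(2), 32 - wild.bit_length()), strict=False)
            acls.setdefault(m.group(1), []).append(net)
    findings = [] if rules else ["no 'ip nat inside source list' overload rule"]
    inside = [i for i, r in role.items() if r == "inside" and i in subnet]
    for acl, out_if in rules:
        if role.get(out_if) != "outside":
            findings.append(f"{out_if} is the PAT interface but lacks 'ip nat outside'")
        if not inside:
            findings.append("no addressed interface is marked 'ip nat inside'")
        for i in inside:
            if not any(subnet[i].subnet_of(n) for n in acls.get(acl, [])):
                findings.append(f"access-list {acl} does not cover {i} ({subnet[i]})")
    return findings

if __name__ == "__main__":
    for finding in check_pat(SAMPLE):
        print(finding)
```

A standard access-list entry with no wildcard mask matches a single host, so the checker reports it as not covering the /24 behind Vlan1.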

Mr. Pauwen - I want to thank you for your assistance. As you requested, I've added the commands provided and the router is now working as it should.

 

Once again thank you for all your help. 

 

Giovanni

 

Hello,

 

good to hear that. Glad that you got it to work.